Senator asks for details in Thrift Savings breach
The Thrift Savings Plan (TSP) is a retirement and investment contribution plan for government employees. A third-party contractor of TSP, Serco Inc., was breached in July 2011. The FBI did not state exactly when it discovered the breach, but it notified Serco in April 2012, which is when Serco informed TSP. However, TSP did not notify its account holders until the end of May. TSP officials explained that the delay in notifying account holders was needed to determine the extent of the breach. The attackers gained access to information on federal employees and TSP account holders. The data exposed included, but was not limited to, Social Security numbers, financial account numbers, routing numbers, and other TSP-related information. According to TSP’s website, a total of 123,201 accounts had been accessed. Of that number, 43,000 individuals had their Social Security numbers, financial numbers and routing numbers exposed, and 80,000 of the 123k had their Social Security numbers and TSP-related information exposed. The attack was considered advanced.
TSP has 4.5 million account holders, including current and retired government employees. Senator Susan Collins is one of the government officials on the committee responsible for overseeing the TSP. She is looking into the chronological order of events and the justification for the delay in notifying account holders. According to TSP’s website, on May 25, 2012 TSP sent letters to all affected parties and offered a credit monitoring service for one year free of charge. The compromised computer was shut down and an intensive update of IT security has been initiated. No one has explained how the breach occurred, but the recovery/disaster response has been launched.
32/50
Google Apps Security Beat By CloudFlare Hackers
CloudFlare, a company founded to track and stop Internet threats, was hacked along with its customer 4Chan. The hacker gained access to CloudFlare's administrative capabilities and reset the password for 4Chan's CloudFlare account. The hack, committed by UGNazi, sent 4Chan visitors directly to a UGNazi Twitter account. UGNazi claimed 4Chan was targeted because it allowed massive pedophile content on the site.
CloudFlare’s Google Apps for Business uses two-factor authentication that includes a password and a token, which is a special access code. The hackers used the identity of CloudFlare's CEO, Matthew Prince, to get around the two-factor authentication by redirecting the recovery password to a phone number in order to add a new Gmail account and take control of the recovery email address. The hacker, utilizing social engineering at its finest, called impersonating Mr. Prince and was able to redirect the recovery system to a land line. Google’s recovery system uses emails and phone numbers to reset passwords. Once the hackers had control of his Gmail account, they changed his passwords and accessed CloudFlare’s Google Apps administrative panel. It appears the only customer affected was 4Chan.
This shows that employees can be the weakest link in security. The employee shouldn’t have reset the password after the caller couldn’t answer the security questions. Sometimes the actual account owner can’t answer these questions, but there should be additional controls in place when this happens. For example, the employee could call the customer back on their listed phone number, as long as that number is stored with strong encryption. Since each customer has a token, the token could also be required to reset the recovery password. The hackers had to use social engineering to get into Mr. Prince’s email account because he used a Gmail-specific password of 20+ random characters, and no one else had access to it. This shows that companies, even with high security, are at risk of attack. It would benefit the company to increase awareness of social engineering and to give staff instructions on what to expect from impersonators. They should also run vulnerability testing by calling their own customer support service to see who would fall victim to impersonators.
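An added example, not part of the original summary: a help-desk recovery gate that applies the controls suggested above, so a caller who fails the security questions gets a reset only with a valid token code or a confirmed callback to the number already on file. The ticket fields, the decide() function, the sample values and the choice of an RFC 6238 time-based code for the "token" are assumptions made for illustration.

```python
import hashlib
import hmac
import struct
from dataclasses import dataclass

SECRET = b"12345678901234567890"      # constructed token seed (RFC 6238 test key)
PHONE_ON_FILE = "+1-555-0100"         # constructed number stored before the call


def totp(secret: bytes, at: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 time-based one-time code (HMAC-SHA1) for Unix time `at`."""
    mac = hmac.new(secret, struct.pack(">Q", at // step), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def token_ok(secret: bytes, submitted: str, now: int, drift: int = 1) -> bool:
    """Accept the current time step and +/- `drift` steps; constant-time compare."""
    return any(
        hmac.compare_digest(totp(secret, now + d * 30).encode(), submitted.encode())
        for d in range(-drift, drift + 1)
    )


@dataclass
class RecoveryRequest:                # hypothetical help-desk ticket fields
    questions_passed: bool            # caller answered the security questions
    callback_number: str = ""         # number the agent called back, if any
    callback_confirmed: bool = False  # owner confirmed the request on that call
    submitted_token: str = ""         # code read from the customer's token


def decide(req: RecoveryRequest, phone_on_file: str, secret: bytes, now: int) -> str:
    """Return 'reset' or 'deny'; a denial changes no recovery setting."""
    if req.questions_passed:
        return "reset"
    # Failed questions: require an additional control before any reset.
    if req.submitted_token and token_ok(secret, req.submitted_token, now):
        return "reset"
    # A callback counts only if it went to the number already on file,
    # never to a number supplied during the call.
    if req.callback_confirmed and req.callback_number == phone_on_file:
        return "reset"
    return "deny"
```
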
MasterCard and Visa Investigate Data Breach
A data breach at Global Payments, a large third-party credit card transaction processor, occurred earlier this year through unauthorized access to its servers. This could affect thousands or millions of customers, merchants, credit card companies, and banks. Global Payments claims cardholders' names, addresses, and Social Security numbers were not on the list of data stolen. However, bank officials believe some names and addresses could have been stolen along with credit card numbers. The data on a credit card includes the customer’s name, card number, and other private information. This sensitive information travels from merchants to third-party processors to credit card companies to the issuing banks. According to the article, this is the second breach within a year at Global Payments. Both Visa and MasterCard claimed their systems were not breached. However, Visa will no longer be using Global Payments to process its credit card transactions, and MasterCard has hired an outside data-security consulting firm to assess the situation.
Preventing unauthorized access to servers involves multiple procedures, depending on the server used. A good start is to properly configure the firewall, and maybe even put the DNS server behind a separate firewall. Also, identify and monitor entry points, conduct vulnerability testing to confirm, and set specific firewall parameters to prevent hackers from taking over the server with malicious rootkits. Other prevention methods include password protection policies and antivirus software.
50/50